General
-
Target
2eef2757_by_Libranalysis
-
Size
1.1MB
-
Sample
210503-7ssxxlyjxx
-
MD5
2eef27576ba66a0aa6c3cac328aa9afe
-
SHA1
68977bc0319cd5bc3f32f505f35c663798b5a8a7
-
SHA256
225c460dc6f080da60943e84ce4ad24d7d078e39c8f3d66bdae1830ae6c3742f
-
SHA512
365c7a04c6091b888c7f6c186a08732d535d990003885c16f32fcf46488e1846d056b2fc2c9d1ea726f73f05f20cef716b48bb2a0f157211be862783cf43d1a6
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
Targets
-
-
Target
2eef2757_by_Libranalysis
-
Size
1.1MB
-
MD5
2eef27576ba66a0aa6c3cac328aa9afe
-
SHA1
68977bc0319cd5bc3f32f505f35c663798b5a8a7
-
SHA256
225c460dc6f080da60943e84ce4ad24d7d078e39c8f3d66bdae1830ae6c3742f
-
SHA512
365c7a04c6091b888c7f6c186a08732d535d990003885c16f32fcf46488e1846d056b2fc2c9d1ea726f73f05f20cef716b48bb2a0f157211be862783cf43d1a6
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook Payload
-
Adds policy Run key to start application
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-